Zero Day Initiative - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud

from Zero Day Initiative 9 months ago

XXE vulnerability CVE-2024-30043 in SharePoint allows reading files, SSRF attacks, NTLM relaying, and other side effects, exploitable by low-privilege users.
Zero Day Initiativehttps://www.thezdi.com/blog/2024/5/29/cve-2024-30043-abusing-url-parsing-confusion-to-exploit-xxe-on-sharepoint-server-and-cloud

BaseXmlDataSource in SharePoint allows Execute method with controlled URL/path strings, making it susceptible to XXE exploitation leading to Pwn2Own implications.
Zero Day Initiativehttps://www.thezdi.com/blog/2024/5/29/cve-2024-30043-abusing-url-parsing-confusion-to-exploit-xxe-on-sharepoint-server-and-cloud

Read at Zero Day Initiative

#xxe-vulnerability #sharepoint #cve-2024-30043 #ssrf-attacks #ntlm-relaying

Collection

[

...

]

Zero Day Initiative - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and CloudZero Day Initiative - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud Briefly

Zero Day Initiative - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
Zero Day Initiative - CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
Briefly